Environment
Security Manager 6.5
Situation
Unable to specify syslog2 type custom provider for archival filtering
Resolution
The workflow works differently for syslog type. In order to filter data for a syslog provider, you will need to do this at the provider level itself, and not the rule level. The advantage here is that the event will never enter the workflow, making the provider is much more efficient.
Cause
There is not an archival filter rule type for syslog
Additional Information
Formerly known as NETIQKB72432